Tool for collecting vulnerability data from various sources (used to build the grype database)
☆114Feb 27, 2026Updated this week
Alternatives and similar repositories for vunnel
Users that are interested in vunnel are comparing it to the libraries listed below
Sorting:
- ☆62Updated this week
- Compare vulnerability scanners results (to make them better!)☆27Feb 27, 2026Updated last week
- ☆17Updated this week
- Grype vulnerability check plugin for Visual Studio Code☆24Dec 11, 2024Updated last year
- a fast changelog generator sourced from PRs and Issues☆60Updated this week
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆110Updated this week
- Labeled vulnerability-package match pairs used as ground truth to evaluate vulnerability scanners☆14Feb 26, 2026Updated last week
- Technical Advisory Council☆135Feb 17, 2026Updated 2 weeks ago
- go library for processing container images and simulating a squash filesystem☆104Feb 26, 2026Updated last week
- A tool to create, transform and attest VEX metadata☆176Updated this week
- Comparison of Chainguard Images to others☆21Updated this week
- Repository of SBOMs generated by the syft SBOM generator tool, against a list of popular dockerhub container images.☆19Oct 9, 2024Updated last year
- A place to systematically store software bill of materials (SBOM) documents.☆50Jun 1, 2023Updated 2 years ago
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks☆33Apr 22, 2025Updated 10 months ago
- Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts☆18Updated this week
- ☆102Sep 27, 2024Updated last year
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities☆603Feb 10, 2026Updated 3 weeks ago
- Utility that provides an API and CLI to identify licenses and legal terms☆52Jul 11, 2025Updated 7 months ago
- Go beyond package manager discovery for SBOM☆18Feb 22, 2022Updated 4 years ago
- ☆23Oct 26, 2021Updated 4 years ago
- ☆192Feb 27, 2026Updated last week
- A license scanner for container images and filesystems.☆143Feb 26, 2026Updated last week
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.2, purl, and vers…☆136Feb 23, 2026Updated last week
- Utility that provides an API platform for validating, querying and managing BOM data☆128Jan 2, 2026Updated 2 months ago
- Collection of Go packages to work with SPDX files☆160Feb 23, 2026Updated last week
- Produce an Open Source Vulnerability JSON file based on information in an SPDX document☆65May 27, 2024Updated last year
- in-toto Attestation Framework☆326Feb 17, 2026Updated 2 weeks ago
- Python implementation of Stakeholder-Specific Vulnerability Categorization (SSVC)☆23Jan 21, 2026Updated last month
- Example CLI project to demo API architecture and protobom library☆26Feb 26, 2026Updated last week
- Open Source Vulnerability schema.☆237Updated this week
- GUAC aggregates software security metadata into a high fidelity graph database.☆1,450Updated this week
- sbomqs: The Comprehensive SBOM Quality & Compliance Tool☆269Feb 26, 2026Updated last week
- Go module to generate and transform VEX documents☆55Updated this week
- A Golang library for interacting with the EPSS (Exploit Prediction Scoring System).☆30Feb 16, 2025Updated last year
- Exploit Prediction Scoring System (EPSS)☆31Jun 1, 2022Updated 3 years ago
- The Continuous Clearing Tool scans and collects third-party open-source components used in projects based on NPM, NuGet, Debian, Maven, P…☆31Feb 26, 2026Updated last week
- A Yocto meta-layer for generating CycloneDX SBOMs☆23Feb 23, 2026Updated last week
- Reports on the licenses used by a Go package and its dependencies.☆10Jul 24, 2024Updated last year
- DevOps Template Repository☆13Mar 19, 2025Updated 11 months ago